How are they managing to do this? Surely it requires a permission in Android to access the list of installed apps, right?
It’s a default permission which can’t be revoked.
Wow that seems like a strange permission to have as default. It doesn’t seem like very many apps have a legitimate need for listing other installed apps unless I’m missing something.
Plugins and addons for other apps is probably the original motivator for this. Also handy to check if an app is present to listen to the intent signal you’re about to send out.
Of course, then the malware/spyware writers got ahold of it and here we are. Something with good intentions and assholes come along and ruin it for everyone. Kinda like pop up windows and cookies.
Google puts limits on which apps can see what’s installed on an Android device Only antivirus programs, file managers and similar will be able to see other apps on a user’s device.
https://www.engadget.com/google-restriction-apps-that-can-see-other-apps-111037925.html
It might be checking for specific root-related files on your device.